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System and Method for Establishing Authenticated Wireless 
Connection Between Mobile Unit and Host 

Background 

[0001] With the advent of wireless networking, many problems 
have arisen regarding the security and the authentication of 
wireless communications between devices. One possible solution 
to these problems is to utilize a personal identity number 
("PIN") code in order to establish an authenticated wireless 
communication between such devices. For example, the PIN code 
may be used when a first device is attempting to connect to a 
second device. The user of the first device is required to enter 
the PIN before the secure and authenticated wireless connection 
with the second device can be established. 

[0002] In conventional devices, the user may enter the PIN 
code through any standard input, means, such as a keyboard, a 
keypad, touch screen, etc. This method may present a problem, 
however, for certain types of mobile devices which lack those 
conventional input means. For example, a wireless barcode 
scanner may not have any of these conventional input means. 

There is a need for a system and method to enable the first 
devices that lack conventional input means to establish an 
authenticated wireless connection with the second devices. 

Summary of the Invention 

[0003] The present invention relates to a method and system 

for establishing an authenticated wireless communication between 
a first mobile device and a second device. The first device may 
communicate with the second device using Bluetooth technology. 

The first device (e.g., a mobile barcode scanner) sends a first 
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signal to establish an initial wireless communication with the 
second device. The first device includes a data capturing 
arrangement ( "DCA" ) as the only input device interface with a 
user thereof. The second device initiates an authentication 
process by requesting the first device to obtain the PIN code 
from the user. 

[0004] Once the first device obtains the PIN code from the 
user via the DCA, a pairing process is performed to compare the 
PIN code to entries in a database of authorized PIN codes. When 
the pairing process has been successfully completed, a link key 
is generated to establish the authenticated wireless 
communication between the first and second devices. 



Brief Description of the Drawings 

[0005] The accompanying drawings are included to provide a 
further understanding of the invention and are incorporated into 
and constitute part of the specification, illustrate several 
embodiments of the invention and, together with the description, 
serve to explain examples of the present invention. In the 
drawings : 

Fig. 1 shows an exemplary system according to the present 
invention for establishing an authenticated wireless connection 
between a mobile unit and a host device; 

Fig. 2 shows an exemplary method according to the present 
invention for establishing the authenticated wireless connection 
between the mobile unit and the host device; and 

Fig. 3 shows another exemplary embodiment of the system 
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according to the present invention which is utilized in a retail 
environment . 

Detailed Description 

[0006] Fig. 1 shows an exemplary embodiment of a system 1 for 
establishing an authenticated wireless communication. The system 
1 may include a plurality of devices that are capable of 
communicating with each other using any of conventional wireless 
communication standards (e.g., Bluetooth, etc.) . The system 1 
includes two such devices: a mobile unit ("MU") 2 and a host 
device ("HD") 12. The MU 2 may be a wireless mobile unit that is 

user-operated but is lacking conventional input means such as a 
keypad or a touchscreen (e.g., a mobile barcode scanner using 
Bluetooth technology) . The MU 2 includes a wireless 
communication arrangement 5 which allows the MU 2 to wirelessly 
communicate with the HD 12 . 

[0007] The MU 2 may also include a data capturing arrangement 
("DCA") 4 which is a primary means of inputting information into 
the MU 2 for a user of such device. The DCA 4 acquires images 
which are then processed to generate corresponding data encoded 
or stored in those images. The DCA 4 may be an imager that 
captures images using CCD technology or a scanner that captures 
images using. a laser technoloy. For instance, the- DCA 4 may 
generate pricing information by scanning a barcode 6 placed on 
merchandise. The barcode 6 may be a conventional barcode or a 
two-dimensional barcode. Those skilled in the art will 
understand that the barcode 6 may be any image that is capable of 
storing information that could be read by the MU 2. 

[0008] In an alternative exemplary embodiment of the present 
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invention, the MU 2 may include a plurality of output means 
(e.g., a display screen 8, a speaker 7, the LEDs 9) . The screen 
8 may display a variety of input and output data (e.g., showing 
the data acquired by the DCA 4, prompting the user to perform a 
specific action, etc.) Other output means may also be used to 
communicate with the user. For example, the speaker 7 may emit 
audible sounds and the LEDs 9 may pulsate in order to notify to 
the user of certain status changes (e.g,, a low battery, input 
required, out of communication range, etc.). 

[ 0009 ] The HD 12 is a computing device that may include a 
wireless access port ("AP") 10 and a database ("DB") 14. The AP 
10 and the arrangement 5 provide the wireless connection between 
the HD 12 and the MU 2 . The AP 10 and the arrangement 5 are 
capable, of transmitting to, as well as receiving signals from 
each other. The DB 14 may contain a plurality of authorized PIN 
codes which correspond to authorized devices with which the HD 12 
may communicate. The PIN codes are prestored into the DB 14 
prior to communications with any devices (i.e., the MU 2). 

[ 0010 ] Fig. 2 shows an exemplary method for establishing the 
authenticated wireless connection between the MU 2 and the HD 12. 
In step 20, the MU 2 initiates a contact with the HD 12 by 
transmitting a wireless signal. The signal introduces the MU 2 
to the HD 12 as a device which "desires" to establish the 
authenticated wireless communication with the HD 12 . 

[ 0011 ] In step 22, once the HD 12 receives the initial 
wireless signal from the MU 2, the HD 12 initiates an 
authentication process to confirm the identity of the MU 2 and to 
establish the authenticated communication between the devices. 

The authentication process commences by the HD 12 requesting the 
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MU 2 to obtain the PIN code from the user. The PIN code 
indicates an identity of the MU 2 as a device with which the HD 
12 is allowed to establish the authenticated communication. 

Thus, if the user cannot provide a proper PIN code to the MU 2, 
then, as described below in details, the authentication process 
may fail and the authenticated wireless communication cannot be v 

established with the HD 12. 

[ 0012 ] In step 24, after the MU 2 receives the request to 
obtain the PIN code from the user, the MU 2 prompts the user to 
enter the PIN code. The MU 2 may notify the user in a plurality 
of ways. For example, the MU 2 may emit a specific sound (e.g., 
a sequence of beeping sounds) which denotes that the user must 
enter the PIN code. Alternatively, the MU 2 may display a prompt 
on the screen 8 or flash certain LEDs 9 to notify the user of 
this status change.. 

[ 0013 ] In step 26, after the user is prompted to enter the PIN 
code, the user needs to' enter the PIN code within a specified 
time period. In the exemplary embodiment, the user may scan the 
barcode 6 using the MU 2 to enter the PIN code. Once the barcode 
6 is scanned, the MU 2 may notify the user that the PIN code has 
been extracted from the barcode 6 by using the available output 
means (e.g., displaying the confirmation on the screen 8, 
producing an audible sound, flashing LEDs 9, etc.) . 

[ 0014 ] If the PIN code is not timely provided to the MU 2, 
then, for example, the authentication process may be 
discontinued. For instance, the MU and the HD 12 may be 
preprogrammed to await for a response for a specified period of 
time before aborting the authenticated process. The time period 
for entering the PIN code, however, must be sufficiently long, 
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approximately 5 to 10 seconds, so that the user is able to scan 
the barcode 6 . 

[ 0015 ] In step 28, the PIN code provided by the user must be 
compared against authorized PIN codes stored in the DB 14 of the 
HD 12 . This pairing process must be successfully completed 
between the HD 12 and the MU 2 prior to establishment of the 
authenticated wireless connection. During the pairing process, 
the HD 12 forwards first sample data (e.g., random data) to the 
MU 2. The MU 2 receives this first data and utilizes this first 
data in conjunction with the PIN code and a conventional hashing 
procedure to generate second data. At least a portion of the 
second data or the entire second data is forwarded to the HD 12 
which utilizes one of the PIN codes stored in the DB 14 and the 
same hashing procedures to generate third data. The second data 
and the third data are compared. If the second and third data do 
not match, then the authentication process fails and no 
authenticated communication between devices is established (step 
34) . In an alternative exemplary embodiment of the present 
invention, the HD 12 returns to step 24 where it requires that 
the user reenter the PIN code into the MU 2. If, however, the 
second and third data matches, then the pairing process is 
successfully completed and a link key is generated (step 30) . 

[ 0016 ] The link key is a random number that is shared between 
the HD 12 and the MU 2 and utilized for the authenticated 
wireless communications between them. The link key may be a 
permanent link key or a temporary link key. The permanent link 
key may be stored in the HD 12 and the MU 2 and may be used after 
the current authenticated communication with the MU 2 is 
terminated. This procedure allows for faster connectivity during 
subsequent sessions between the MU 2 and the HD 12 since the 



7 




pairing process may be completely circumvented. The temporary 
link key, however, lasts only for the duration of the current 
authenticated communication established by the MU 2. Hence, if 
the MU 2 attempts to establish the authenticated communication 
with the HD 12 at a later point, the MU 2 and the HD 12 would 
need to go through the authentication process once again. 

[ 0017 ] In step 32, the HD 12 and the MU 2 establish the 
authenticated wireless connection using the link key. In 
addition, the users may desire to create a secure wireless 
communication between .the MU 2 and the HD 12 by utilizing a 
conventional encryption technology to prevent, e.g., any 
"eavesdropping" . 

[ 0018 ] Fig. 3 shows an exemplary embodiment of a system 
according to the present invention which is utilized in a retail 
environment. The MU 2 may be a wireless barcode scanner that 
scans barcodes on merchandise during check-out to obtain specific 
information about the items (e.g., price, inventory, etc.). The 
MU 2 is capable of communicating with base stations 40a-40c which 
are substantially similar to the HD 12. The AP 10 is utilized 
for wireless communications with the MU 2. The barcode 6 
includes a PIN code that allows the MU 2 to communicate with the 
station 40a and may be situated in a close proximity to the 
stations 40a-40c. Each station 40a-40c may be connected to a 
point-of-sale ("POS") terminals 42a-42c (e.g., cash register) 
respectively. The POS terminals 42a-42c may be used to perform 
checkout tasks (e.g., printing receipts, displaying prices, 
registering cash, etc.) . 

[0019] The present invention allows employees of a retail 
establishment to use any one of the POS terminals 42a-42c at 
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their convenience. It is preferred, however, to ensure that the 
MU 2 only communicates with a single POS terminal 42a-42c at a 
time. Otherwise, a single MU 2 may connect to a plurality of POS 
terminals 42a-42c. This may create many technical problems for 
the retail establishment (e.g., improper charges to customer 
accounts, wrong inventory deductions, etc.). 

[ 0020 ] As shown in Fig . 3 the MU 2 connects to the POS 42a. 

The user of the MU 2 initiates a wireless communication as 
discussed in step 20 shown in Fig. 2. The initial wireless 
communication may be received by all POS terminals 42a-42c, and 
each POS terminal 42a-42c may attempt to connect with the MU 2. 

[ 0021 ] The problem of multiple wireless connections is 
alleviated' by the present invention. Since the user of the MU 2 
is required to enter a PIN code for the specific POS terminal 
42a-42c with which he intends to establish the authenticated 
wireless communication, the MU 2 will only communicate with one 
POS terminal 42a-42c at a time. After initiating the' wireless 
communication, the user scans the barcode 6 that appears on the 
station 40a attached to the POS 42a. 

[ 0022 ] After scanning the barcode 6, the MU 2 establishes the 
authenticated wireless communication only with the POS 40 in the 
following manner. The MU 2 and POS terminals 42a-42c perform the 
pairing process . The PIN code may only match one of the 
authorized PIN codes stored in the DB 14 of the POS terminal 42a. 
Therefore, the MU 2 only pairs with the POS terminal 42a, and not 
other POS terminals 42b and 42c. This allows the MU 2 to 
communicate solely with a single POS terminal 42a without 
interfering with the^ operation of other POS terminals 42b and 
42c. f 
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[0023] One of the advantages of the present invention is that 
it provides for the authenticated wireless communications between 
mobile units which lack conventional input means and host 
devices. As illustrated in Fig. 3, a wireless barcode scanner 
may be used to operate any one of a plurality of host devices 
without interfering with the operation of others. 

[0024] Another advantage of the present invention is that 
mobile units that are not authorized through the authentication 
process may not be able to establish authenticated communications 
with host devices. The PIN code requirement bars unauthenticated 
third party devices from communicating with the host devices. 

For instance, a third party may attempt to communicate with a 
host device by using a compatible mobile unit. The connection 
between the two devices would not be established, however, since 
the third party mobile unit would not have the proper PIN code, 
despite the fact that the third party mobile unit and the host 
device are compatible. 

[0025] It will be apparent to those, skilled in the art that 
various modifications and variations can be made in the structure 
and the methodology of the present invention, without departing 
from the spirit or scope of the invention. Thus, it is intended 
that the present invention cover the modifications and variations 
of this invention provided they come within the scope of the 
appended claims and their equivalents. 
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